tis 2009-09-29 klockan 21:28 -0500 skrev David Boyer: > I've been using squid_ldap_auth (Squid 2.7, SLES 11) for basic > authentication, and it wasn't terribly difficult to set up. What > concerns me is the passing of credentials from the browser to Squid in > plain text. When we use basic authentication anywhere else, the web > site usually requires HTTPS. I'm not seeing an easy way to do that > with Squid. Squid can via it's https_port directive, but there is no known browsers supporting SSL encrypted proxy connections. > We have a full Active Directory environment, and everyone using Squid has a domain account. Our users use a combination of Firefox 3.x, IE, and Safari. Then NTLM or Kerberos/Negotiate authentication should be a viable option for you. The other available option Digest authentication unfortunately can not integrate with Active Directory that easy... > What options are there for using authentication with Squid while also > ensuring the credentials passed between the browser and Squid are > encrypted? The stunnel approach would not be an option for us. And neither is pushing the browser vendors to have support for SSL encrypted proxy connections I suppose? Regards Henrik
